Last modified on August 10, 2022
Relays, much like gateways, are how the strongDM network connects with resources such as databases and servers. Unlike a gateway, the relay does not listen for client connections.
When might this be helpful? For a secure network where you are not able to expose ports, the strongDM relay is the answer. The relay dials out to connect to your gateways, preserving the egress-only nature of your firewall, but allowing your strongDM clients to reach any configured resources in the network via those connections. To learn more, see the introduction to Relays page.
Generating a Relay token
- Generate a relay token. Log into the Admin UI and select Network > Relays in the navigation. Click the add relay button in the upper right, and a box will pop up. You can rename the relay here, or do it later. Click on create and the relay token will appear onscreen.Copy the relay token and put it aside. You will need it again in a later step.
- Set up a 64-bit Linux instance that will run the relay. Machines should have at least 2 CPUs and 4 GB of memory. If the instance is using SELinux you will need to disable SELinux to install the relay.
- Log in to the relay instance and download the SDM binary:
$ curl -J -O -L https://app.strongdm.com/releases/cli/linux
- Unzip it:
$ unzip sdmcli_*_linux_amd64.zip
- Run the installer:
$ sudo ./sdm install --relay
/etc/passwdfile. Any users remotely authenticated, such as with LDAP or an SSO service, will fail to complete the installation.
- You will be prompted for the relay token you created in Step 1. Paste it into the terminal and press enter. For security purposes you will not see the token on the screen.
- Log in to the Admin UI and the relay you created should now appear as online, with a heartbeat. You may need to hard refresh the page.
- Repeat this process to create a second relay if you wish. We recommend running them in pairs for high-availability.
If any errors occur, please copy them into an email and send to firstname.lastname@example.org.